CVE-2022-2019

CWE-285 CWE-863 — Incorrect Authorization CWE-732 — Incorrect Permission Assignment37 documents11 sources

Severity

7.5HIGH

EPSS

0.2%

top 58.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Prison Management System Prison Management System Project Prison Management System

Timeline

PublishedJun 9

Latest updateJan 14

Description

A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5sourcecodester/prison_management_system1.0

▶NVDprison_management_system_project/prison_management_system1.0

🔴Vulnerability Details

OSV

angular.js vulnerabilities↗2026-01-14

▶

GHSA

GHSA-467r-6mjf-fx3w: A vulnerability classified as critical was found in SourceCodester Prison Management System 1↗2022-06-10

▶

CVEList

SourceCodester Prison Management System New User Creation improper authorization↗2022-06-07

▶

💥Exploits & PoCs

Exploit-DB

Kramer VIAware 2.5.0719.1034 - Remote Code Execution (RCE)↗2022-03-30

▶

📋Vendor Advisories

CISA

Microsoft Excel Remote Code Execution Vulnerability↗2022-03-03

▶

CISA

Docker Desktop Community Edition Privilege Escalation Vulnerability↗2021-11-03

▶

CISA

Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability↗2021-11-03

▶

CISA

Apple iOS and macOS Group Facetime Vulnerability↗2021-11-03

▶

CISA

Microsoft Win32k Privilege Escalation Vulnerability↗2021-11-03

▶

🕵️Threat Intelligence

Trendmicro

CVE-2019-8561 A Hard-to-Banish PackageKit Framework Vulnerability in macOS↗2022-11-11

▶